CVE-2023-41812 – Uploading executables via the file manager
https://notcve.org/view.php?id=CVE-2023-41812
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permitía cargar archivos ejecutables PHP a través del administrador de archivos. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-41811 – Stored XSS Via Site News Page
https://notcve.org/view.php?id=CVE-2023-41811
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permitía ejecutar código Javascript en la sección de noticias de la consola web. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41810 – Stored XSS Via Dashboard Panel
https://notcve.org/view.php?id=CVE-2023-41810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permitía ejecutar código Javascript en el cuadro de texto de algunos Widgets. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41808 – Arbitrary File Read As Root Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41808
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad de Gestión de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario no autorizado escalar y leer archivos confidenciales como si fueran root. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVE-2023-41807 – Linux Local Privilege Escalation Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41807
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad de Gestión de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario escalar permisos en el shell del sistema. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •